Coursework in Cybersecurity

Upload: clifton-lindsey, posted 17-Jan-2016

Page 1

Coursework in Cybersecurity

Goal: Learn concepts and tools for hardening computer devices and systems against attack.

• Topics include:

1. Security services, such as authentication, authorization, and accounting, required for security goals, such as confidentiality, integrity, and availability (NIST).

2. Mechanisms such as encryption, firewalls, and vulnerability assessment.

• Hands-on assignments include:

1. Utilizing network and operating system mechanisms that support security.

2. Testing and analyzing open-source software tools on different platforms, such as Windows and Linux virtual machines hosted on a VMware hypervisor.

Page 2

The Need for Vigilance

• At home – There have been increases in attacks on wireless devices and home computers.

• At work – There have been increases in Internet attacks and extortions.

• In our country – Cyber-warfare tools have been utilized and are of increasing danger to our infrastructure.

Page 3

Symantec threat report 2015

Highlights from Symantec Corporation Internet Security Threat Report 2015: http://www.symantec.com/security_response/publications/threatreport.jsp

“Last year, 60 percent of all targeted attacks struck small- and medium-sized organizations. These organizations often have fewer resources to invest in security, and many are still not adopting basic best practices like blocking executable files and screensaver email attachments. This puts not only the businesses, but also their business partners, at higher risk.”

“Attackers also perfected watering hole attacks, making each attack more selective by infecting legitimate websites, monitoring site visitors and targeting only the companies they wanted to attack.” {A watering hole attack compromises a legitimate website that staff of the targeted organization are known to visit; the trusted site then serves the exploit only to visitors from the organizations the attackers want to reach, so no lure has to get past the target's own e-mail defenses.}

Page 4

Symantec threat report 2015

“Digital Extortion on the Rise: 45 Times More People Had Their Devices Held Hostage in 2014”

“While most people associate “extortion” with Hollywood films and mafia bosses, cybercriminals have used ransomware to turn extortion into a profitable enterprise, attacking big and small targets alike.

Ransomware attacks grew 113 percent in 2014, driven by more than a 4,000 percent increase in crypto-ransomware attacks. Instead of pretending to be law enforcement seeking a fine for stolen content, as we’ve seen with traditional ransomware, crypto-ransomware holds a victim’s files, photos and other digital media hostage without masking the attacker’s intention. The victim will be offered a key to decrypt … files, but only after paying a ransom that can range from $300-$500—and there’s no guarantee their files will be freed.

In 2013, crypto-ransomware accounted for a negligible percentage of all ransomware attacks (0.2 percent, or 1 in 500 instances). However, in 2014, crypto-ransomware was seen 45 times more frequently. While crypto-ransomware predominately attacks devices running Windows, Symantec has seen an increase in versions developed for other operating systems. Notably, the first piece of crypto-ransomware on mobile devices was observed on Android last year.”

Page 5

Symantec threat report 2015

“Cybercriminals Are Leveraging Social Networks and Apps to Do Their Dirty Work”

“Email remains a significant attack vector for cybercriminals, but there is a clear movement toward social media platforms. In 2014, Symantec observed that 70 percent of social media scams were manually shared. These scams spread rapidly and are lucrative for cybercriminals because people are more likely to click something posted by a friend.

Mobile devices were also ripe for attack, as many people only associate cyber threats with their PCs and neglect even basic security precautions on their smartphones. In 2014, Symantec found that 17 percent of all Android apps (nearly one million total) were actually malware in disguise. Additionally, grayware apps, which aren’t malicious by design but do annoying and inadvertently harmful things like track user behavior, accounted for 36 percent of all mobile apps.”

Page 6

Symantec threat report 2015

“The Internet of Things is not a new problem, but an ongoing one.”

“Symantec continued to see attacks against Point of Sales systems, ATMs, and home routers in 2014. These are all network-connected devices with an embedded operating system, though they’re not often considered part of the Internet of Things (IoT). Whether officially part of the IoT or not, attacks on these devices further demonstrate that it’s no longer only our PCs at risk. And the potential for cyberattacks against cars and medical equipment should be a concern to all of us.

Risks to many IoT devices are exacerbated by the use of smartphones as a point of control. Symantec discovered that 52 percent of health apps—many of which connect to wearable devices—did not have so much as a privacy policy in place, and 20 percent sent personal information, logins, and passwords over the wire in clear text.

Some of this may reflect the attitudes of end users. In a Norton survey, one in four admitted they did not know what they agreed to give access to on their phone when downloading an application and 68 percent were willing to trade their privacy for nothing more than a free app.”

Page 7

Kaspersky Lab http://usa.kaspersky.com

• Key requirement: to survive the age of cyber-warfare.

• Kaspersky Lab cites the need to protect vulnerable industrial systems.

• “In the long run, cyber-warfare is where all parties lose: attackers, victims and even uninvolved observers. Unlike traditional weapons, tools used in cyber-warfare are very easy to clone and reprogram by adversaries. The most important move to survive in this environment is the development and deployment of a new, advanced security paradigm for critical infrastructure.” (Eugene Kaspersky)

• “The ongoing escalation of the cyber-arms race increases threats to critical infrastructure.

• Cyber-warfare is a universal threat with no respect for borders. Its impact on critical industrial systems and infrastructure can be disastrous.”

Page 8

Interview with Eugene Kaspersky: http://usa.kaspersky.com/about-us/press-center/eugene-kaspersky-social-media-chat

• Eugene Kaspersky: ‘I wish I could say “the world is getting much safer”, but, unfortunately, there are definitely more threats to come. One of the reasons is the constant growth in the number of computers, and now smartphones. There are more than 1.3 billion mobile devices with access to the Internet right now. And each and every one of them (well, almost), is connected to social networks with very confidential personal data such as ID info, paid online accounts data (such as Skype, World of Warcraft, PayPal etc.), bank account information. And cybercriminals see that growth and try to use this growing infrastructure for evil purposes.

• Plus, there’s a number of really huge cyber-weapons we’ve discovered this year (on our own and together with our partners). The governments are starting to bring espionage and warfare tools to the online world. And I’m afraid it would take a lot of guts, time and efforts to fight them.’

Page 9

Kaspersky Lab http://usa.kaspersky.com/

• “In Q2 2015, botnet-assisted DDoS attacks targeted victims in 79 countries across the world.

• 77% of botnet-assisted attacks targeted resources located in 10 countries.

• The largest numbers of DDoS attacks targeted victims in China and the USA. South Korea has risen to the third place.

• The longest DDoS attack in Q2 2015 lasted for 205 hours (or 8.5 days).

• SYN DDoS and TCP DDoS were the most common scenarios of DDoS attacks. HTTP DDoS was displaced to the third position.”

Page 10

Digital Attack Map: http://www.digitalattackmap.com

• Arbor Networks together with Google has created a data visualization map to show how serious DDoS attacks have become.

• Arbor Networks Reports the Most Volumetric DDoS Attacks Ever in the First Half of 2014

• 1H 2014 saw 100+ attacks larger than 100GB/sec

• NTP reflection attacks responsible for nearly 50% of attacks over 100GB/sec

• BURLINGTON, MA., July 15, 2014 – Arbor Networks Inc., “a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, today released global DDoS attack data derived from its ATLAS® threat monitoring infrastructure. The data shows an unparalleled number of volumetric attacks in the first half of 2014 with over 100 attacks larger than 100GB/sec reported.”

• Data includes: traffic volume; ports; countries attacking and being attacked

Page 11

DDoS Attacks

• Anonymous attacked PayPal, Visa, MasterCard 2010-2011

• PayPal suspended payments to the Wikileaks fundraising account.

• Estimated cost to PayPal: 3.5 million pounds

• Oct. 2014. “An unclassified portion of the White House network has been hit with what appears to be an ongoing cyber attack. Efforts to mitigate the threat have resulted in temporary system outages and loss of network connectivity for some users.” http://www.ddosattacks.net

• March 30, 2015 — “As Rutgers University works to recover from a weekend cyber attack, Fairleigh Dickinson University officials confirm that a similar attack shut down the university's own computer network Saturday. Dina Schipper, director of university public relations, confirmed that the university was hit with a denial of service attack on Saturday. Both the Teaneck and Florham Park campuses were affected, Schipper said”

http://www.nj.com/middlesex/index.ssf/2015/03/cyber_attacks_hit_fairleigh_dickinson_rutgers_work.html

Page 12

Confidentiality Attacks

“The hackers who stole personal data on 4 million government employees from the U.S. Office of Personnel Management sneaked past a sophisticated counter-hacking system called Einstein 3, a highly-touted, multimillion-dollar and mostly secret technology that’s been years in the making.”

Michael Riley, Bloomberg Business, June 5, 2015: http://www.bloomberg.com/news/articles/2015-06-06/china-hackers-got-past-costly-u-s-computer-security-with-ease

Page 13

What can we do?

Learn the fundamentals of cybersecurity

• Network Security

• Information Security

• Cryptography

Aims include:

• Understand the threats and vulnerabilities

• Learn how to harden your systems

Page 14

To understand Network Security, first study the Internet and the Web

• Investigate network functions

– Routing, addressing, protocol layers

• Investigate network and Internet vulnerabilities

– Open ports, fragmentation, spoofing

– Turn off obsolete services

• Investigate web vulnerabilities

– Corrupted DNS servers, hosts file

– Corrupted web sites
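One of the checks listed above, an audit of the hosts file, as an added example for this page (it is not code from the slides). It parses hosts-file text and flags any watched domain that has been pinned: a loopback address means the name is silently blocked (the classic trick against antivirus update servers), anything else is a redirect. It also flags any public address pinned at all, because such an entry bypasses DNS entirely. The watched-domain list and the sample file are constructed for the demonstration; an organization would maintain its own list.

```python
"""Audit a hosts file for entries that hijack well-known names.

Added example for this course page, not part of the original slides.
The watched-domain set and SAMPLE_HOSTS are constructed for the demo.
"""
import ipaddress

# Names that should never be pinned in a workstation's hosts file
# (assumption: a real deployment would keep its own list).
WATCHED_DOMAINS = {
    "www.google.com",
    "update.microsoft.com",
    "liveupdate.symantec.com",
    "www.paypal.com",
}

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, ignore
        for name in fields[1:]:
            yield addr, name.lower()


def audit_hosts(text):
    """Return findings as (hostname, ip, reason), in file order."""
    findings = []
    for addr, name in parse_hosts(text):
        if name in WATCHED_DOMAINS:
            # Loopback silently blocks the name (e.g. kills AV updates);
            # any other address sends the user somewhere the attacker chose.
            reason = "blocked (loopback)" if addr in LOOPBACK else "redirected"
            findings.append((name, str(addr), reason))
        elif addr not in LOOPBACK and not addr.is_private:
            # A public address pinned in hosts bypasses DNS for that name;
            # worth a look even when the name is not on the watch list.
            findings.append((name, str(addr), "public address pinned"))
    return findings


# Constructed sample: benign localhost lines, then three suspicious entries.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# Windows-style comment lines are handled too
127.0.0.1       liveupdate.symantec.com      # blocks AV updates
198.51.100.23   www.paypal.com               # phishing redirect
192.168.1.10    fileserver.local             # ordinary LAN pin, ignored
1.2.3.4         cdn.example.net              # public address, flagged
"""

if __name__ == "__main__":
    for name, addr, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{name:28} -> {addr:16} {reason}")
```

On a real machine, read /etc/hosts (Linux) or %SystemRoot%\System32\drivers\etc\hosts (Windows) into audit_hosts(); a clean workstation file normally contains only loopback entries, so anything reported deserves an explanation.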

Page 15

Sample Projects on Virtual Machines

• Network commands include: ipconfig, ifconfig, netstat, arp, ping, nslookup, route, traceroute

• Reconnaissance and monitoring tools include: wireshark, nmap, etherape, snort, nessus

Page 16

Windows command prompt: execution of ipconfig

Three virtual machines obtain their own and their gateway's IP and MAC addresses; all then execute netstat to find open ports on their own machines.

Page 17

Netstat in Windows

• netstat -a displays all current connections as well as listening ports and ports in closing states such as TIME_WAIT. Adding -n skips name resolution, and -o adds the process ID that owns each socket, so netstat -ano is the usual form for finding out which program opened a port.
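To turn the netstat output above into a hardening check, here is an added example (not code from the slides). It parses the Windows netstat -an column layout, keeps the listening TCP and bound UDP sockets, drops those bound only to loopback, and reports whatever is left that is not on an allowlist. The sample output, the allowlist and the port names are constructed, and the Windows column layout is an assumption: Linux netstat and ss print different columns.

```python
"""Listening-socket baseline from netstat output.

Added example for this course page, not code from the slides. The text,
the allowlist and PORT_NAMES are constructed; the parser assumes the
Windows 'netstat -an' layout (Proto, Local Address, Foreign Address, State).
"""

# (protocol, port) pairs this host is supposed to expose; assumption.
ALLOWED = {("TCP", 135), ("TCP", 445)}

# Labels for the report only, from well-known port assignments.
PORT_NAMES = {135: "msrpc", 445: "smb", 3389: "rdp", 161: "snmp",
              5353: "mdns", 5357: "wsdapi"}

LOOPBACK = {"127.0.0.1", "::1"}


def parse_netstat(text):
    """Return (proto, local_ip, port, state) for every TCP/UDP row.
    Windows prints no State column for UDP; such rows are marked BOUND."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                        # header, blank or unrelated line
        proto, local = parts[0], parts[1]
        addr, port = local.rsplit(":", 1)   # also handles [::]:445
        state = parts[3] if proto == "TCP" and len(parts) > 3 else "BOUND"
        rows.append((proto, addr.strip("[]"), int(port), state))
    return rows


def listeners(rows):
    """Sockets that accept traffic: TCP in LISTENING, any bound UDP."""
    return [r for r in rows if r[3] in ("LISTENING", "BOUND")]


def exposed(rows):
    """Listeners reachable from the network, i.e. not loopback-only."""
    return [r for r in listeners(rows) if r[1] not in LOOPBACK]


def unexpected(rows, allowed=ALLOWED):
    """Exposed listeners nobody has sanctioned: candidates to disable."""
    return [r for r in exposed(rows) if (r[0], r[2]) not in allowed]


# Constructed sample in the Windows 'netstat -an' layout.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:49158      198.51.100.7:80        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
  UDP    0.0.0.0:5353           *:*
"""

if __name__ == "__main__":
    for proto, addr, port, state in unexpected(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{proto} {addr}:{port} ({PORT_NAMES.get(port, '?')}) {state}")
```

On a real host, feed it the saved output of netstat -an (or netstat -ano, which adds the owning PID); every row it reports, here RDP, SNMP and mDNS, is a service to justify or disable, which is the "turn off obsolete services" step of the course.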

Page 18

Linux environment: execution of the command “top” to see system performance in response to an nmap scan

Page 19

EtherApe, a graphical network monitor

Our client XP virtual machine, hosted on a VMware hypervisor (virtual machine manager), is accessing www.google.com (green ray). The client XP machine, a Windows server machine, and a Linux machine ping each other (red rays). There is continual communication between all three virtual machines and the gateway using protocols such as ICMP, HTTP, TCP, SMB (Server Message Block), DNS, etc.

Page 20

Wireshark (www.wireshark.org): network protocol analyzer

Display of TCP protocol and network traffic

Page 21

Wireshark network traffic; protocols used; data sent

Page 22

Wireshark Traffic Analysis: request and response

Page 23

Nmap (nmap.org): security scanner

Finds open ports, the host operating system, and the services offered. Run it against your own machines to see exactly what an attacker would see; scan only hosts you are authorized to test.

Page 24

Snort (snort.org): signature-based intrusion detection. Rules match packet headers and payloads; each match is raised as an alert event, which can be logged to a database for later analysis.

The screenshot shows Snort alerting on an nmap Xmas tree scan (nmap -sX), whose probes set the FIN, PSH and URG flags together, a combination no normal TCP stack sends.
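What Wireshark decodes in its TCP tree (pages 20 to 22) and what Snort matches for the Xmas scan (page 24), in one added example that is not code from Wireshark, Nmap or Snort. It unpacks the IPv4 and TCP headers from raw bytes, names the flags, raises an alert on a single packet for flag combinations no real stack sends (Xmas, NULL, FIN), and for plain SYNs only after one source has probed many distinct ports, since a lone SYN is just a connection attempt. The packets are constructed in memory by build_packet(); addresses, ports and the threshold are arbitrary choices for the demonstration.

```python
"""Decode TCP headers from raw IPv4 packets and flag the scan patterns an
IDS looks for. Added example for this course page, not code from
Wireshark, Nmap or Snort. All packets are built in memory by
build_packet(); addresses, ports and syn_threshold are arbitrary.
"""
import struct
from collections import defaultdict

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_packet(src, dst, sport, dport, flags):
    """Constructed IPv4 + TCP header with no payload (checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0, 0, 64, 6, 0,      # v4, IHL 5, proto 6
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    # data offset 5 (20-byte header) in the top 4 bits, flags in the low 9
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                      (5 << 12) | flags, 8192, 0, 0)
    return ip + tcp


def parse_tcp(packet):
    """Return the fields Wireshark shows in its TCP tree, or None if not TCP."""
    ihl = (packet[0] & 0x0F) * 4               # IP header length in bytes
    if packet[9] != 6:                         # IP protocol 6 = TCP
        return None
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    sport, dport, seq, ack, off_flags = struct.unpack(
        "!HHIIH", packet[ihl:ihl + 14])
    flags = {name for name, bit in TCP_FLAGS.items() if off_flags & bit}
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "seq": seq, "flags": flags}


def classify_flags(flags):
    """Signature check: flag combinations a real TCP stack never sends."""
    if flags == {"FIN", "PSH", "URG"}:
        return "XMAS"            # nmap -sX; Snort rule option flags:FPU
    if not flags:
        return "NULL"            # nmap -sN
    if flags == {"FIN"}:
        return "FIN"             # nmap -sF
    return None                  # SYN, SYN/ACK, ACK ... are normal on their own


def detect_scans(packets, syn_threshold=10):
    """Return {source_ip: reason}. Malformed flags alert on one packet;
    plain SYNs count as a scan only once a source has probed many ports."""
    alerts = {}
    syn_ports = defaultdict(set)
    for pkt in packets:
        hdr = parse_tcp(pkt)
        if hdr is None:
            continue
        kind = classify_flags(hdr["flags"])
        if kind:
            alerts.setdefault(hdr["src"], f"{kind} scan to port {hdr['dport']}")
        elif hdr["flags"] == {"SYN"}:
            syn_ports[hdr["src"]].add(hdr["dport"])
    for src, ports in syn_ports.items():
        if len(ports) >= syn_threshold:
            alerts.setdefault(src, f"SYN scan of {len(ports)} ports")
    return alerts


# Constructed traffic: one Xmas probe, a 12-port SYN sweep, one ordinary SYN.
SAMPLE = (
    [build_packet("10.0.0.66", "10.0.0.5", 40000, 80,
                  TCP_FLAGS["FIN"] | TCP_FLAGS["PSH"] | TCP_FLAGS["URG"])]
    + [build_packet("10.0.0.77", "10.0.0.5", 40001, p, TCP_FLAGS["SYN"])
       for p in range(20, 32)]
    + [build_packet("10.0.0.8", "10.0.0.5", 40002, 443, TCP_FLAGS["SYN"])]
)

if __name__ == "__main__":
    for src, reason in detect_scans(SAMPLE).items():
        print(f"{src:12} {reason}")
```

The single-packet branch is what a Snort rule with flags:FPU does; the port-count branch is the idea behind Snort's sfPortscan preprocessor, which applies such thresholds over a time window. With a capture library you would replace build_packet() with frames read from a pcap, skipping the 14-byte Ethernet header before handing the bytes to parse_tcp().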

Page 25

What do you gain from a computer security course?

• Protect your machine.

– Learn about system vulnerabilities.

– Learn how to harden your system.

– Learn how to use security tools.

• Understand network interactions.

– Monitor network traffic.

– Understand Internet and host vulnerabilities.

• Be familiar with leading security organizations and the information that they provide.